NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0279:  Ciphersuites for SRTP

Publication Date

Protection Profiles

Other References

Issue Description

The SBC and VVoIP EPs currently only include a single ciphersuite for use in SRTP. NSS customers would like the list of allowable ciphersuites expanded.


Updated 03/29/2018 to add AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568.

FCS_SRTP_EXT.1.2 is modified as follows:

FCS_SRTP_EXT.1.2  The TSF shall implement SDES-SRTP supporting the following ciphersuites [selection:

·         AES_CM_128_HMAC_SHA1_80, in accordance with RFC 4568,

·         AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568,

·         AES_256_CM_HMAC_SHA1_80, in accordance with RFC 6188,

·         AES_256_CM_HMAC_SHA1_32, in accordance with RFC 6188,

·         AEAD_AES_128_GCM, in accordance with RFC7714,

·         AEAD_AES_256_GCM, in accordance with RFC 7714].

Application Note: This requirement specifies that the SRTP session that will be used to carry the VoIP traffic will be keyed according to an SDES dialogue using one of the identified ciphersuites. The ST author should select any/all ciphersuites supported.

No change to the Assurance Activities is needed.


The additional ciphersuites included allow more flexibility and provide support for greater key lengths.

Site Map              Contact Us              Home